The average worker is now more mobile than ever, and wherever we go, there’s a good chance our laptop is with us – full of sensitive and confidential data. Meanwhile, research from Gartner tells us that a laptop is stolen every 53 seconds, so it is little wonder why manufacturers continue to focus on developing technology that minimises the damage caused by your laptop ending up in the wrong hands.
Bearing the responsibility of powering so many of our portable PCs, the emphasis has been on Intel to implement security solutions within the very hardware to help protect our data, and the company’s Business Client Marketing Manager, Rob Sheppard, was keen to highlight the importance of capitalising on Intel's latest security functions when quizzed by ITProPortal. In particular, Sheppard talked up the company's work on encryption support and the impressive Anti-Theft Technology.
“If you’re looking at how to safeguard your data, the first thing everyone should think about is data encryption,” said Sheppard, stating that encryption is still “absolutely the first step” for companies looking to apply security solutions.
This year, Intel updated its Advanced Encryption Standard (AES) Instructions Set to version 3.01, meaning its hardware support for data encryption and decryption is faster and more secure than ever before. The new architecture consists of six instructions for AES support; four instructions supporting the AES encryption/decryption itself, and two instructions supporting the AES key expansion.
Asked whether organisations still needed educating about making the most of such technology, Sheppard claimed, “The penny is dropping for sure. But surprisingly, many organisations are still not using encrypted data. Even with someone as big as NASA, it wasn't in their policy.”
The Intel manager was referring to the space agency’s surprising admission that many of its work devices did not use whole disk encryption software, following the theft of an employee’s laptop on 31 October. The incident meant records of “sensitive personally identifiable information for a large number of NASA employees, contractors, and others” were left unprotected in the hands of the offender. NASA has since embarked on a project to ensure encryption is implemented on a greater number of its devices by 21 December.
But encryption represents something of a bare essential in the current age of corporate security, says Sheppard, who warns that, alone, “it doesn’t necessarily fix the problem.”
“Firstly, you face the challenge of not being able to manage the machine remotely,” he says of the technology. “And secondly, encryption doesn’t work if the machine is in sleep mode.” With most encryption products, once the password is entered, all data is accessible until the device is fully booted down. So even in sleep mode, decryption keys remain in memory and can therefore be accessed – leaving data vulnerable.
That’s why Intel has created the so-called “poison pill” for its devices from the 2nd generation processor family upwards, to ensure thieves cannot access sensitive data even if they have the device fully booted and in their hands.
The Anti-Theft Technology enables the laptop to be locked down to an inoperable state automatically or by remote command, and with the data protection offering, access to encrypted data on the hard drive is locked down too. Because the solution is hardware-based it is tamper-resistant, and the poison pill blocks the entire boot process, even if the boot order is changed or the hard drive is replaced or reformatted.
Once the user believes the device has been lost, their IT administrator can send the pill via the net or an authenticated SMS message (if a 3G connection is established) which instantly blacks out the computer. Even if the owner is unaware the device has been stolen, a series of detection methods can also be set to elicit the block. Excessive login attempts in the pre-boot authentication screen, missed check-ins with the central server, and exceeding a user-set time limit at the Windows login stage are among the triggers that can render the device unusable.
If another user tries to restart the laptop, they are greeted with a message informing them that the device has been locked – which can be customised to add the owner's details and how it can be returned. Passwords, codes and the remote sending of messages can reactivate the device after the block, with all data and programs ready to use as before.
With technology that continues to advance, Intel is proving that good security goes beyond the software a user installs. The encryption support and Anti-Theft features in modern hardware ensures that valuable work information and personal data is kept secure, even if the laptop is – seemingly – out of your control.